Mozilla Products Security Bypass Vulnerability - May12 (Windows) Network Vulnerability

Summary

This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to security bypass vulnerability

Impact

Successful exploitation could allow attackers to inject scripts or bypass certain security restrictions. Impact Level: Application

Solution

Upgrade to Mozilla Firefox version 12.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html Upgrade to SeaMonkey version to 2.9 or later, http://www.mozilla.org/projects/seamonkey/ Upgrade to Thunderbird version to 12.0 or later, http://www.mozilla.org/en-US/thunderbird/

Insight

The flaw is due to an error within the handling of XMLHttpRequest and WebSocket while using an IPv6 address can be exploited to bypass the same origin policy.

Affected

SeaMonkey version before 2.9 Thunderbird version 5.0 through 11.0 Mozilla Firefox version 4.x through 11.0

References

http://secunia.com/advisories/48932/
http://secunia.com/advisories/48972/
http://securitytracker.com/id/1026971
http://www.mozilla.org/security/announce/2012/mfsa2012-28.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0475
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

ICMP domain name request
CuteNews Version Detection for Windows
Cobalt Web Administration Server Detection
Leave information on scanned hosts
Comodo Internet Security Race Condition Vulnerability-02

Take action and discover your vulnerabilities